Category: Network PenTest
What is PsMapExec A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec. PsMapExec is...
PoolParty A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title – The Pool Party You Will Never Forget: New Process Injection Techniques Using...
BadZure BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create...
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Background Thousands of organizations utilize Slack to help their employees communicate, collaborate, and interact. Many of these Slack workspaces...
Kerbeus-BOF Beacon Object Files for Kerberos abuse. This is an implementation of some important features of the Rubeus project, written in C. The project features integration with the C2 frameworks Cobalt Strike and Havoc. Download git clone https://github.com/RalfHacker/Kerbeus-BOF.git Use...
RTI-Toolkit RTI-Toolkit is an open-source PowerShell toolkit for Remote Template Injection attacks. This toolkit includes a PowerShell script named PS-Templator.ps1 which can be used from both an attacking and defensive perspective. The following tables present...
LDAPWordlistHarvester A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be....
Reaper Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit...
POSTDump Another tool to perform a minidump of the LSASS process using a few technics to avoid detection. POSTDump is the C# / .NET implementation of the ReactOS minidump function (like nanodump), thus avoiding...
ExtractBitlockerKeys A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. Features Automatically gets the list of all computers from the domain controller’s LDAP. Multithreaded connections to extract...
PipeViewer A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows-named pipes and their permissions. It is designed...
KnowsMore KnowsMore is a Swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS, and DCSync). Main features Import NTLM Hashes from .ntds output txt file (generated by CrackMapExec or secretsdump.py)...
MSSqlPwner MSSqlPwner is an advanced and versatile pentesting tool designed to seamlessly interact and pwn MSSQL servers. That tool is based on impacket, which allows attackers to authenticate to databases using clear-text passwords NTLM...
sniffnet Sniffnet is a network monitoring tool to help you easily keep track of your Internet traffic. Sniffnet is a technical tool, but at the same time it strongly focuses on the overall user experience: most of...
Process Stomping A variation of ProcessOverwriting to execute shellcode on an executable’s section What is it Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on...